Article

coolguys's picture
article
Reads:

5190

Score:
0
0
 
Comments:

0

Modifying Custom Attributes with the IDM Null Driver

Author Info

10 December 2007 - 10:42am
Submitted by: coolguys

Author Blog
Author Profile

Tags

Tags Map

(View Disclaimer)

Problem

A Forum reader recently asked:

"I have IDM 3.5 with a Identity Vault and other drivers, such as AD, JDBC, and Notes. Can I modify a custom attribute on users in a OU in my IDV? This operation is captured by a loopback driver that create a user on another OU of my driver, with some attributes populated."

And here's the response from Father Ramon ...

Solution

Here's what you need to do:

1. Use the null driver rather than the loopback driver.

2. Add a User to the subscriber filter.

3. Set it to synchronize on the subscriber channel and ignore on the publisher channel.

4. Add the Description attribute to the User class in the filter

5. Set it to notify on the subscriber channel and ignore on the publisher channel.

6. Add a subscriber channel event transformation - something like this:

<policy>
  <rule>
   <description>create portal user</description>
   <conditions>
    <and>
     <if-class-name mode="nocase" op="equal">User</if-class-name>
     <if-src-dn op="in-container">users</if-src-dn>
     <if-op-attr mode="nocase" name="Description" 
op="changing-to">pippo</if-op-attr>
    </and>
   </conditions>
   <actions>
    <do-set-local-variable name="portalDN" scope="policy">
     <arg-string>
      <token-text xml:space="preserve">portal\</token-text>
      <token-src-name/>
     </arg-string>
    </do-set-local-variable>
    <do-add-src-object class-name="User">
     <arg-dn>
      <token-local-variable name="portalDN"/>
     </arg-dn>
    </do-add-src-object>
    <do-add-src-attr-value class-name="User" name="Surname">
     <arg-dn>
      <token-local-variable name="portalDN"/>
     </arg-dn>
     <arg-value>
      <token-src-attr name="Surname"/>
     </arg-value>
    </do-add-src-attr-value>
   </actions>
  </rule>
  <rule>
   <description>Veto further processing</description>
   <conditions/>
   <actions>
    <do-veto/>
   </actions>
  </rule>
</policy>

7. Duplicate the last action in the first rule for each attribute you want to copy from the original object to the new object.

For information on the difference between a loopback driver and a null driver, see:

http://www.novell.com/documentation/idm35/admin/data/b9132yx.html


Disclaimer: As with everything else at Cool Solutions, this content is definitely not supported by Novell (so don't even think of calling Support if you try something and it blows up).

It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.



Related Articles


User Comments

© 2013 Novell